Tech 3 August 2018

Dennis Wafula

Bug bounty hunter exposes Monero bug enabling theft from exchanges

Privacy-centric altcoin Monero was discovered to have been carrying a bug that allows hackers to steal coins directly from cryptocurrency exchanges.

According to reports, the hackers managed to make use of old-fashioned social engineering to forge transaction data and use it to manipulate the support staff into crediting their accounts manually with extra XMR. The bug planted by the hackers multiplied the transactions, making it easier for the staff to approve dodgy transactions and credit these accounts. Reports showed that the attackers could exploit this repeatedly until they completely siphon all the money on an exchange.

Jason Rhineland, a Canadian Ph.D. candidate in Economics at Queens University, submitted a post on HackerOne revealing the system vulnerability. At the time of his post, the “business logic errors” are still active in Monero’s system. The bug was ranked 9 out of a possible 10, making it a “critical” in terms of severity.

Reports also show that the bug affected other Monero-based coins. According to reports, the attackers managed to steal ARQ coins from Altex, a wallet exchange desk. Altex has already alerted its users and all other virtual currencies in the ecosystem about the issue. It also suspended operations until proper measures have been put in place. It is yet unclear how much money the operator lost during the hack. The small operator said that they have suffered a big loss.

Reports on the HackerOne bug bounty program showed that five more operators have been affected by the recent attack on Monero’s system in the last 24 hours. The flaw has since been fixed in Monero’s system, but it is still unclear whether other affected systems have tackled the issue.

Bug bounty programs have helped stop many hacking threats by pointing out system shortcoming beforehand. Virtual exchanges and other cryptocurrency business are benefiting from these programs. Just a few weeks ago, bug bounties collected $24,000 in one week from four different blockchain projects.

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.

Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.

COMMENT

latest news

How Metanet creates an immutable Internet

Tech 15 February 2019

How Metanet creates an immutable Internet

Metanet and Bitcoin were roughly conceived “in the depths of the late 90s” from the concept of an economically incentivized Internet, according to nChain Chief Scientist Dr. Craig Wright.

Read More
HSBC slashes forex costs with blockchain

Tech 15 February 2019

HSBC slashes forex costs with blockchain

The firm confirmed it had reduced costs for its forex business by as much as 25%, in what analysts describe as an example of the importance of distributed ledger technology to banks and their bottom lines.

Read More
UC Berkeley launches blockchain accelerator for startups

Tech 14 February 2019

UC Berkeley launches blockchain accelerator for startups

The University of California, Berkeley recently announced the launch of a new blockchain-focused accelerator, the Berkeley Blockchain Xcelerator for blockchain startups.

Read More